Skip to Content

Privacy Policy

Effective Date: January 3, 2018

Firstmark Services provides this Website Privacy Policy (“Policy”) to inform you of our policies and procedures regarding the collection, use and disclosure of personal information we receive from users of products and services (individually and collectively, the “Services”) through a website,, (the “Website”). In this Policy the terms “we,” “us,” or “our” shall refer to Firstmark Services. The terms “you”, “your”, or “User” shall refer to any individual or entity who accepts this Policy. This Policy is subject to change from time to time, so be sure to check back occasionally to ensure you have read the most current version. This Policy applies to users who are located in the U.S. when visiting the Website. This Policy does not apply to information you provide to any third party service provider(s) related to or whose services are incorporated into the Website; information you provide to third parties shall be controlled by their respective privacy policies.

Please note that since Firstmark Services services, but does not own, your student loan, your lender’s privacy policy primarily applies with respect to your loans, and you should review that policy as well.

This Policy explains our collection and use practices regarding consumer information, including how and what we share with our related companies and with unrelated entities. Protecting your privacy is important to Firstmark Services and our employees. We want you to understand what information we collect and how we use it. This Policy is the standard for Firstmark Services employees regarding collection, use, retention, and security of Nonpublic Personal Information and Personally Identifiable Information (as defined below). If we stop servicing your loan(s) we will continue to adhere to the privacy policies and practices described in this Policy.

We reserve the right at any time, and in our sole discretion, to change or modify this Policy. If any such changes or modifications are made, we will update the “Last Revised” date appearing at the top of this web page. Such changes or modifications shall be effective immediately upon posting to the Website, and supersede any prior versions of this Policy. Your use of the Website or the Services provided through the Website following such changes or modifications shall constitute your acceptance of the Policy as last revised. Firstmark is a division of Nelnet, Inc. This Policy governs the privacy policies of this Website only. Other divisions of Nelnet, Inc. will detail their privacy practices on their respective websites.

Information We Collect

Why We Collect Information

We collect information so we can identify you as our customer, to establish, manage and protect your accounts, to complete your transactions, to create and offer you products and services you might be interested in, and to comply with various legal and regulatory requirements.

Non-Identifying Information

We may collect information from your visit or as part of the registration and administration of your account, in order to personalize and improve upon your experience with us, such as, without limitation, age and individual preferences (“Non-Identifying Information”).

The Website uses cookies in several applications for navigational purposes. A cookie is a small text file placed on your hard drive (with your permission) by a web page server. Accepting a cookie from the Website does not give Firstmark Services access to your computer or any Personally Identifiable Information about you. Also, the type of cookies we use don’t get stored permanently in your computer – they expire immediately after you close your browser and are deleted. You can also set up your web browser to inform you when cookies are set or to prevent cookies from being set.

When you enter the Website, you will pass through our security firewall and we identify the Internet Protocol (IP) address of your computer or handheld device. The IP address will not identify you personally, but it will let us identify the device you are using. We store IP addresses in case we need to track a connection for security purposes. We may also collect information about the device you are using to access Administrator Services, including what type of device it is, what operating system you’re using, device settings, unique device identifiers, geo-location data, and crash data. Whether we collect some or all of this information often depends on what type of device you are using and its settings. Check the policies of your device manufacturer or software provider to learn more about what information your device makes available to us.

Log Files

Like most websites, our servers utilize log files. Log files store information including internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks. Log files are used to analyze trends, administer the Website, track Users’ movement in the aggregate, and gather broad demographic information for aggregate use. We use log file information at times to help identify you as you browse and to gather broad technical and demographic information on who uses our website.

Google Analytics Features

We use Google Analytics to collect information about the use of the Website. Google Analytics collects information such as how often users visit the Website, what pages they visit when they do so, and what other sites they used prior to coming to the Website. We use the information we get from Google Analytics only to improve the Website. Google Analytics collects only the IP address assigned to you on the date you visit the Website, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with Personally Identifiable Information. Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit this site, the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to this Website by disabling the Google Analytics cookie on your browser. You can also view and change the currently available opt-outs for Google Ads.

Do Not Track Signals

Do Not Track is a feature in your web browser, which enables you to opt-out of the third party tracking of your online activities over time and across third party websites. We do not track users across third-party websites to provide targeted advertising, and therefore, do not process or comply with any web browser’s “do not track” signal or other similar mechanism that indicates a request to disable online tracking of individual users who visit this Website or use our Services. Third parties cannot collect any Personally Identifiable Information from this Website unless you provide it to them directly.

Personally-Identifying Information

We may collect Nonpublic Personal Information about you from the following sources:

  • Information from your loan applications or other loan and account forms
  • Information about your transactions with us or others
  • Information we receive from third parties, such as credit bureaus

“Nonpublic Personal Information” is nonpublic, personally identifiable financial information about you that we obtain in connection with providing a financial product or service to you. For example, Nonpublic Personal Information includes information regarding your account balance, payment history, and overdraft history, if applicable.

We may collect Personally Identifiable Information about you as well, including:

  • Your first and last name
  • Your home address
  • Your home or work telephone number
  • Your Social Security number
  • Your driver’s license number
  • Your birth date
  • Your email address

“Personally Identifiable Information” is individually identifiable information about an individual consumer collected by us and maintained in an accessible form.

How We Use Your Information

Uses of Information

Certain Non-Identifying Information would be considered a part of your Personally Identifiable Information if it were combined with other identifiers (for example, combining your zip code with your street address) in a way that enables you to be identified. But the same pieces of information are considered Non-Identifying Information when they are taken alone or combined only with other non-identifying information (for example, your viewing preferences). We may combine your Personally Identifiable Information with Non-Identifying Information and aggregate it with information collected from other Users to attempt to provide you with a better experience, to improve the quality and value of the Administrator Services and to analyze and understand how our Website and Services are used. We may also use the combined information without aggregating it to serve you specifically, for instance to deliver a product to you according to your preferences or restrictions.

If you supply us with your email address we may let you know by email about other products and services and product enhancements that may be of interest to you. You will have the opportunity to tell us you do not want to receive future messages with each message you receive. If you send us an email question or comment, we will use your email address to reply to you and we will temporarily store your email address, your message and our reply for quality assurance or to satisfy applicable laws and regulations. When we collect your email address this way, we will not use it for marketing our products and services unless you have given us permission.

If you wish to change any of your personal information, you may change it by logging into your account, or by contacting Customer Service, either through email, by mail, or by telephone as listed in the “How to Contact Us” section below.

What We Share

We are permitted under law to disclose Nonpublic Personal Information about you to other third parties in certain circumstances. For example, we may disclose Nonpublic Personal Information about you to third parties to assist us in servicing your loan or account with us, to government entities in response to subpoenas, and to credit bureaus. We do not disclose any Nonpublic Personal Information about you except as permitted by law.

Sometimes the law or other circumstances also require that we disclose Nonpublic Personal Information and/or Personally Identifiable Information about you to nonaffiliated third parties. Some examples are: when you ask or permit us to do so; when a school or lender needs that information in connection with your account, with agencies that assist us in servicing your loan; in response to subpoenas or court orders; with credit bureaus; when we suspect fraud or criminal activity; to protect our property and rights or that of a third party; to protect the safety of the public or any person; or to prevent or stop activity we may consider to be, or to pose a risk of being, illegal, unethical, or legally actionable activity.

We may employ third party companies and individuals to facilitate our Services, to provide the Services on our behalf, to perform Website-related Services (e.g., without limitation, maintenance services, database management, web analytics and improvement of the Website’s features) to assist us in analyzing how our Website and Services are used, or to perform other services (e.g., without limitation, sending postal mail and email, providing marketing assistance, and providing customer service). These third parties have access to your Nonpublic Personal Information and/or Personally Identifiable Information only to perform these tasks on our behalf; provided, however, that if you are redirected to a site or application maintained by a third party, the privacy policy of such site or application will control the use of any information you provide.

We may sell, transfer or otherwise share some or all of its assets, including your Nonpublic Personal Information and/or Personally Identifiable Information, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy.

VERMONT RESIDENTS: We will not disclose nonpublic personal financial information about you other than as permitted by law unless you authorize us to make that disclosure. Your authorization must be in writing or, if you agree, in electronic form. If you wish to authorize us to disclose your nonpublic personal financial information to nonaffiliated third parties, you may notify us at the address found under the “How to Contact Us” section below.

CALIFORNIA RESIDENTS: Notwithstanding the above, we will automatically manage accounts with California addresses as if the account holder has directed us not to share with non-affiliates. You may opt in and provide your consent using the contact methods described at the “How to Contact Us” section below.

Our Security Procedures

When you access the Website, you can be sure that your information is protected by reasonable and appropriate administrative, technical, and physical safeguards.

To access student loan account information and send emails via our Website, you will need a browser that supports the use of Secure Sockets Layer (IE 11.0 or higher or Chrome). This encryption technology helps ensure the authenticity of your online sessions and secures data being transmitted over the public Internet.

Internet Explorer displays a lock icon in a locked position on the status bar when you enter a secure site. When you leave a secure website, Internet Explorer displays a lock icon in an unlocked position on the status bar. If the page you are viewing uses frames, you may not see the key or lock, but can simply right-click anywhere in the frame and select “Properties”. If the website address (URL) starts with “https” the “s” indicates a secure site or area of the site.

Firstmark Services takes careful steps to safeguard customer information. We restrict access to your personal and account information to those employees who need to know that information to provide Services to you, and we regularly train our employees on privacy, information security, and their obligation to protect your information. We maintain reasonable and appropriate physical, electronic, and procedural safeguards that comply with federal and industry standards to guard your Nonpublic Personal Information and Personally Identifiable Information and we regularly test those safeguards to maintain the appropriate levels of protection.

Our Information Security divisions continually update and improve the security standards and procedures we use to help protect against anyone gaining unauthorized access to your confidential information, including through the Internet. We also build checks and balances into our procedures so that we can properly identify our customers.

You can help safeguard your Nonpublic Personal Information and Personally Identifiable Information by taking a few simple precautions. Protect your account numbers, passwords, PIN, and customer access numbers. Never disclose confidential information to unknown callers. You should always use a secure browser and current virus detection software, and never open email from unknown sources.

Children’s Privacy

The Website is not directed to children under 13. We do not knowingly collect, maintain or use Personally Identifying Information from the Website about children under age 13. If a parent or guardian becomes aware that his or her child has provided us with Personally Identifiable Information without their consent, he or she should contact us using the information below (“How to Contact Us”). If we confirm that we have collected such information we will take all reasonable measures to delete that information from our system as soon as reasonably possible.

Links to Other Websites and Services

We are not responsible for the practices employed by websites or services linked to or from our Website, including the information or content contained therein. Please remember that when you use a link to go from our Website to another website, our Policy does not apply to Third Party websites or services. Your browsing and interaction on any Third Party website or service are subject to that Third Party’s own rules and policies. In addition, you agree that we are not responsible and we do not control over any Third Parties that you authorize to access your user content. If you are using a Third Party website or service, and you allow such a Third Party access to your user content, you do so at your own risk. This Policy does not apply to information we collect by other means (including offline) or from other sources other than through the Website and applications.

How to Contact Us

If you have any questions about this Policy, please contact us by email or regular mail at the following address:

Firstmark Services
PO Box 82522
Lincoln, NE 68501-2522

Effective Date: May 25, 2018


Striving to provide superior customer service, Nelnet places great emphasis on its customers and their privacy rights. In doing so, Nelnet will comply with European Union Privacy Directives, most notably the EU General Data Protection Regulation. By providing our services, we may from time to time collect, store, use or process your personal data for legitimate business purposes, such as improving our products and services. Firstmark’s processing of your data is necessary for compliance with its contractual and legal obligations. Personal data means any identifier information, such as your name, social security number, identification number, location data, or other online identifiers and factors.


Although your data is generally stored within the United States, an international data transfer may occur if third party, cloud-based storage companies that Nelnet employs use servers located outside the United States.  Firstmark uses appropriate technical and organizational security measures including encryption of personal data and follows various industry standards and best practices to protect your personal data. Additionally, Firstmark requires its vendors and processors to abide by the European Union General Data Protection Regulation and to apply adequate security and technical safeguards. We will not transfer your data to or store your data in countries that have not been awarded an adequacy decision by the European Commission.


For general processing purposes, Firstmark will store your personal data for a period of seven years after full payment of the loan balance. However, Firstmark may retain such information for longer periods where legally required to do so based on its contractor or other legal obligations.


You have the right to withdraw consent for processing at any time. Further, you have the right to request access to and rectification, restriction or erasure of your personal data. Firstmark will afford you these rights, but it may not be able to do so where the processing is based on its contractual obligations, based on other legitimate interests, or carried out in the public interest.  Along with these rights, if you believe that your data has been mishandled in violation of a privacy directive, you have the right to lodge a complaint with the relevant supervisory authority. If you have questions or concerns about our data processing practices, please address such inquiries to our Data Protection Officer.


Contact Details for Privacy and Data-related Inquiries

Data Controller:

Firstmark Services
PO Box 82522
Lincoln, NE 68501-2522


Data Processor:

Nelnet, Inc.
Shawn Traudt
Chief Compliance Officer